As a cloud-based technology business, with a SaaS data management offering at the heart of our solutions, cyber security is part of our DNA. Our success in the industry is directly linked to our ability to keep our clients’ data safe and secure.

To keep up-to-date with the latest regulations, practices, and laws, we have a team of security experts working non-stop, keeping CloudM at the forefront of digital security protection.

As the risks associated with cyber attacks and data breaches continue to increase, information security has become a critical issue for every business. An effective approach should help defend against both external attacks and common internal threats such as accidental breaches and human error, and that’s exactly what we do.

Here’s a brief overview of the various standards we meet and the accreditations we hold to protect your data.

ISO 27001

The essential security accreditation that organizations should look for when choosing a provider is ISO 27001. This is the international standard that provides the specification for an information security management system (ISMS).ISO27001 is one of the most popular information security standards in the world, focusing on protecting three key aspects of information; confidentiality, integrity, and availability.

• Confidentiality means that the information is not available or disclosed to unauthorized people, entities, or processes.

• Integrity means that the information is complete and accurate and protected from corruption.

• Availability means that the information is accessible and usable as and when authorized users require it.

These three simple components ensure all information is dealt with in a professional, secure, and unimpaired manner. We’re proud to hold our ISO 27001 certification, but our security standards don’t stop there.

PCI DSS

The payment card industry data security standard (PCI DSS) was launched in 2004 and is the result of collaboration between major credit card brands American Express, Discover, MasterCard, and Visa.

It was created to allow the consistent and safe use of debit/credit cards globally, enabling people to use their cards without fear of having their bank accounts emptied.

Any business, merchant, or service provider that uses card payment must comply with the standard, or risk financial penalties or even removal from the system.

It’s a standard rather than a law, but any breach of PCI DSS is also a GDPR breach, as cardholder data is classified as personal data under the regulation.

To become PCI DSS compliant, as CloudM is, there are a dozen requirements that must be met by a company, with each requirement broken down into separate criteria.

These include things like Firewall configuration to protect cardholder data, the encryption of cardholder data, and regular testing of security systems and processes.

CloudM is, of course, fully compliant with both GDPR and HIPAA, but what exactly are these two things, and why are they different?

NCSC Cloud Security Principles

The National Cyber Security Centre (NCSC) is an organization set up by the UK Government, tasked with helping to make Britain the safest place to live and work online.

To mitigate the risk of cyber attacks, data breaches, and regulatory non-compliance, they created the Cloud Security Principles, which outline 14 guidelines for protecting information stored online.

These 14 guidelines cover everything from personnel security to the physical tampering of data.

We believe that transparency in security is vital, and so have outlined exactly how CloudM meets these principles in greater detail here on our knowledge base.

Pen tests

Penetration tests (often known as pen tests) are a way for companies to test out their cyber defenses without causing any real damage.

CloudM works with a 3rd party on a regular basis to execute our pen tests and search for any vulnerabilities within our systems.

New features, older systems, software updates… they’re all susceptible to outside attack and a pen test is an excellent way of sniffing out any weak points in a company’s security processes.

And it’s not simply threats from the outside. Systems are also checked with full access, ensuring that even with a username and password, no one can access anything they shouldn’t be able to.

Secure coding practices

Cyber security starts the very moment someone starts writing the code, which is why it’s important for our developers to practice secure coding.

Secure coding is the habit of writing software from the very beginning with possible vulnerabilities in mind.

Experienced developers know the risks and dangers out there, and can start to code against those threats from the earliest opportunity.

Our developers incorporate secure practices throughout the planning and development of a product or feature, minimizing the possibility of any chinks in the armour.

Your data is safe with us

This is just the tip of the iceberg when it comes to data protection and cyber security at CloudM.

Hacking from an outside threat is, of course, an issue for any business, but the most common form of data breach is simply due to poor/outdated systems or human error.

This is especially noticeable during a migration, but with over 68 million migrations under our belt, we know what we’re doing and how to do it safely.

Like the thousands of companies we’ve already worked with, you can trust your data with us, knowing that your information is safe, secure, and protected from corruption.